General
Target: temp_eno.hta
Size: 1KB
Sample: 230124-2qx5tsea97
MD5: 2552f7a77b1834ebc2c62e2f9432e54c
SHA1: eedee537ce4bcc252358a1e1a8687b2e50ed19f8
SHA256: 28deee1dd68bfd6a75ca2794fcae30fa3d349afa4e4bbf5bf8382eefc10a81cf
SHA512: 5218336d8fb62e68b44a2469ea3cb24b5c94168cc16e9619f6929f75108c36ecabafc8bc6eac1ea4391a88f493543bc8e301c5f74ee30eda135aaed1caecb1fb
Static task: static1
Behavioral task: behavioral1
Sample: temp_eno.hta
Resource: win10-20220901-en
Behavioral task: behavioral2
Sample: temp_eno.hta
Resource: win7-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Async RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-